Pass the Palo Alto Networks Certified Security Engineer (PCNSE) PAN-OS 10.0 exam: the recently updated GoShiken question set, with a fastest-pass guarantee!
The best GoShiken practice questions: 150 PCNSE exam questions to help you pass
Question 87
Which three options are supported in HA Lite? (Choose three.)
- A. Synchronization of IPsec security associations
- B. Configuration synchronization
- C. Active/passive deployment
- D. Virtual link
- E. Session synchronization
Correct answer: A,B,C
Question 88
A standalone firewall with local objects and policies needs to be migrated into Panorama.
What procedure should you use so Panorama is fully managing the firewall?
- A. Use the "import device configuration to Panorama" operation, then "export or push device config bundle" to push the configuration
- B. Use the "import Panorama configuration snapshot" operation, then perform a device-group commit push with "include device and network templates"
- C. Use the "import device configuration to Panorama" operation, then perform a device-group commit push with "include device and network templates"
- E. Use the "import Panorama configuration snapshot" operation, then "export or push device config bundle" to push the configuration
Correct answer: B
Explanation:
https://docs.paloaltonetworks.com/panorama/9-1/panorama-admin/manage-firewalls/transition-a-firewall-to-panorama-management/migrate-a-firewall-to-panorama-management.html
Question 89
An administrator sees several inbound sessions identified as unknown-tcp in the Traffic logs. The administrator determines that these sessions are from external users accessing the company's proprietary accounting application. The administrator wants to reliably identify this traffic as their accounting application and to scan this traffic for threats.
Which option would achieve this result?
- A. Create a custom App-ID and use the "ordered conditions" check box.
- B. Create an Application Override policy and custom threat signature for the application.
- C. Create an Application Override policy.
- D. Create a custom App-ID and enable scanning on the advanced tab.
Correct answer: D
Explanation:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClRoCAK
Question 90
Which Panorama objects restrict administrative access to specific device-groups?
- A. admin roles
- B. access domains
- C. authentication profiles
- D. templates
Correct answer: B
Explanation:
Access domains control administrative access to specific Device Groups and templates, and also control the ability to switch context to the web interface of managed firewalls. https://docs.paloaltonetworks.com/panorama/10-1/panorama-admin/panorama-overview/role-based-access-control/access-domains.html
Question 91
An administrator allocates bandwidth to a Prisma Access Remote Networks compute location with three remote networks.
What is the minimum amount of bandwidth the administrator could configure at the compute location?
- A. 75 Mbps
- B. 50 Mbps
- C. 300 Mbps
- D. 90 Mbps
Correct answer: B
Explanation:
The number you specify for the bandwidth applies to both the egress and ingress traffic for the remote network connection. If you specify a bandwidth of 50 Mbps, Prisma Access provides you with a remote network connection with 50 Mbps of bandwidth on ingress and 50 Mbps on egress.
Your bandwidth speeds can go up to 10% over the specified amount without traffic being dropped; for a 50 Mbps connection, the maximum bandwidth allocation is 55 Mbps on ingress and 55 Mbps on egress (50 Mbps plus 10% overage allocation).
https://docs.paloaltonetworks.com/prisma/prisma-access/prisma-access-panorama-admin/prisma-access-for-networks/how-to-calculate-network-bandwidth
Question 92
An administrator has configured a QoS policy rule and a QoS profile that limits the maximum allowable bandwidth for the YouTube application. However, YouTube is consuming more than the maximum bandwidth allotment configured.
Which configuration step needs to be configured to enable QoS?
- A. Enable QoS monitor
- B. Enable QoS Data Filtering Profile
- C. Enable QoS interface
- D. Enable QoS in the interface Management Profile.
Correct answer: C
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-web-interface-help/network/network-qos/qos-interface-settings#
https://docs.paloaltonetworks.com/pan-os/10-0/pan-os-admin/quality-of-service/configure-qos.html
QoS implementation on a Palo Alto Networks firewall begins with three primary configuration components that support a full QoS solution: a QoS policy, a QoS Profile, and configuration of the QoS egress interface.
Question 93
Which steps should an engineer take to forward system logs to email?
- A. Create a new email profile under Device > Server Profiles; then navigate to Objects > Log Forwarding profile > set log type to system and then add the email profile.
- B. Create a new email profile under Device > Server Profiles; then navigate to Device > Log Settings > System and add the email profile under email.
- C. Enable log forwarding under the email profile in the Device tab.
- D. Enable log forwarding under the email profile in the Objects tab.
Correct answer: B
Question 94
In an enterprise deployment, a network security engineer wants to assign rights to a group of administrators without creating local administrator accounts on the firewall.
Which authentication method must be used?
- A. LDAP
- B. Kerberos
- C. RADIUS with Vendor-Specific Attributes
- D. Certificate-based authentication
Correct answer: D
Explanation:
As a more secure alternative to password-based authentication to the Panorama web interface, you can configure certificate-based authentication for administrator accounts that are local to Panorama. Certificate-based authentication involves the exchange and verification of a digital signature instead of a password.
https://www.paloaltonetworks.com/documentation/80/panorama/panorama_adminguide/set-up-panorama/configure-a-panorama-administrator-with-certificate-based-authentication-for-the-web-interface
Question 95
A host attached to Ethernet 1/4 cannot ping the default gateway. The widget on the dashboard shows Ethernet 1/1 and Ethernet 1/4 to be green. The IP address of Ethernet 1/1 is 192.168.1.7 and the IP address of Ethernet 1/4 is 10.1.1.7. The default gateway is attached to Ethernet 1/1. A default route is properly configured.
What can be the cause of this problem?
- A. No Zone has been configured on Ethernet 1/4.
- B. DNS has not been properly configured on the host.
- C. Interface Ethernet 1/1 is in Virtual Wire Mode.
- D. DNS has not been properly configured on the firewall.
Correct answer: A
Question 96
The firewall identifies a popular application as an unknown-tcp.
Which two options are available to identify the application? (Choose two.)
- A. Create a Security policy to identify the custom application.
- B. Create a custom object for the custom application server to identify the custom application.
- C. Create a custom application.
- D. Submit an App-ID request to Palo Alto Networks.
Correct answer: C,D
Explanation:
https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/app-id/use-application-objects-in-policy/create-a-cu
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/app-id/manage-custom-or-unknown-applications.htm
Question 97
Refer to the exhibit.
Which certificates can be used as a Forwarded Trust certificate?
- A. Forward_Trust
- B. Domain-Root-Cert
- C. Certificate from Default Trust Certificate Authorities
- D. Domain Sub-CA
Correct answer: D
Question 98
When using the predefined default profile, the policy will inspect for viruses on the decoders. Match each decoder with its default action.
Answer options may be used more than once or not at all.
Correct answer:
Explanation:
Question 99
How is the Forward Untrust Certificate used?
- A. It is used for Captive Portal to identify unknown users.
- B. It is used when web servers request a client certificate.
- C. It issues certificates encountered on the Untrust security zone when clients attempt to connect to a site that has been decrypted.
- D. It is presented to clients when the server they are connecting to is signed by a certificate authority that is not trusted by firewall.
Correct answer: D
Question 100
A company hosts a publicly accessible web server behind a Palo Alto Networks next-generation firewall with the following configuration information.
* Users outside the company are in the "Untrust-L3" zone
* The web server physically resides in the "Trust-L3" zone.
* Web server public IP address: 23.54.6.10
* Web server private IP address: 192.168.1.10
Which two items must the NAT policy contain to allow users in the Untrust-L3 zone to access the web server? (Choose two.)
- A. Destination IP of 23.54.6.10
- B. Destination IP of 192.168.1.10
- C. Untrust-L3 for both Source and Destination zone
- D. Untrust-L3 for Source Zone and Trust-L3 for Destination Zone
Correct answer: A,D
Question 101
Which three authentication services can an administrator use to authenticate admins into the Palo Alto Networks NGFW without defining a corresponding admin account on the local firewall? (Choose three.)
- A. Kerberos
- B. PAP
- C. RADIUS
- D. TACACS+
- E. SAML
- F. LDAP
Correct answer: A,E,F
Explanation:
https://docs.paloaltonetworks.com/pan-os/8-0/pan-os-admin/firewall-administration/manage-firewall-administrat
The administrative accounts are defined on an external SAML, TACACS+, or RADIUS server. The server performs both authentication and authorization. For authorization, you define Vendor-Specific Attributes (VSAs) on the TACACS+ or RADIUS server, or SAML attributes on the SAML server.
PAN-OS maps the attributes to administrator roles, access domains, user groups, and virtual systems that you define on the firewall. For details, see:
Configure SAML Authentication, Configure TACACS+ Authentication, Configure RADIUS Authentication
Question 102
When planning to configure SSL Forward Proxy on a PA 5260, a user asks how SSL decryption can be implemented using a phased approach in alignment with Palo Alto Networks best practices.
What should you recommend?
- A. Enable SSL decryption for known malicious destination IP addresses
- B. Enable SSL decryption for malicious source users
- C. Enable SSL decryption for source users and known malicious URL categories
- D. Enable SSL decryption for known malicious source IP addresses
Correct answer: A
Question 103
Which CLI command displays the current management plane memory utilization?
- A. > show system resources
- B. > debug management-server show
- C. > show system info
- D. > show running resource-monitor
Correct answer: A
Explanation:
https://live.paloaltonetworks.com/t5/Management-Articles/Show-System-Resource-Command-Displays-CPU-Utilization-of-9999/ta-p/58149